Roles and Responsibilities: Shared Workspace Business Sponsor
The Shared Workspace Business Sponsor (SW Business Sponsor) has overall responsibility for ensuring that the Shared Workspace (SW) deployments for which they are accountable are managed effectively and in accordance with HMRC policy.
The SW Business Sponsor must be a grade 7 or above.
Some business units may have multiple streams that are responsible for different types of work. It would not be unusual in these circumstances for there to be a number of SW Business Sponsors, each accountable for their own individual streams and SW deployments.
The duties of the SW Business Sponsor are crucial to the security and management of the SW service. The SW Business Sponsor may choose to delegate some duties. However, accountability remains with the SW Business Sponsor.
The SW Team must be advised of the name of the replacement if the SW Business Sponsor changes.
The Business Sponsor has responsibility to:
- Approve the use of SW and sign off the SW Application form for each deployment.
- Liaise with the Business Unit Data Guardian to obtain
- initial approval for SW to be used for the deployment
- the initial Data Usage Agreement
- the annual Data Usage Agreement
Note: Information about the Data Guardian role and completion of Data Usage Agreement is at SW03510.
- Advise the Data Guardian in writing if and when the business need for the SW deployment ends.
- Annually complete the SW Business Sponsor Certificate of Assurance SW03540 to confirm thatBusiness Authorising Officers (BAOs) have been appointed in accordance with the standards set out in the SW Business Manual SW05220
- BAOs have successfully completed the HMRC BAO Online Learning SW02220
- BAOs have successfully carried out their mandatory reviews SW03605.
In addition, the SW Business Sponsor is responsible for
- ensuring that the terms of this Data Usage Agreement are observed
- ensuring that the data is stored, processed and used in accordance with HMRC Security Strategy.
- reporting to the Data Guardian all successful and attempted intrusions SW03245
- reporting all successful and attempted intrusions to S&ID
- ensuring that the data is used only for the purposes explicitly stated in the Data Usage Agreement
- ensuring that data within SW does not and will not exceed the GSC marking of Official-Sensitive